For that purpose you can assign a list of secrets to a client or an API resource.

Secret parsing and validation is an extensibility point in IdentityServer. Out of the box it supports shared secrets
as well as transmitting the shared secret via a basic authentication header or the POST body.

Our default private key JWT secret validator expects the full (leaf) certificate as base64 on the secret definition.
This certificate will then be used to validate the signature on the self-signed JWT, e.g.:
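One way to build such a secret definition from a certificate file, as an added example that is not part of the IdentityServer documentation. It assumes the IdentityServer4 model types; the client ID, scope name, class name and `certPath` are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using IdentityServer4;
using IdentityServer4.Models;

// Hypothetical helper, not an IdentityServer type.
public static class JwtClientRegistration
{
    // Returns the value for the secret definition: the DER-encoded leaf
    // certificate as base64. X509ContentType.Cert exports the public
    // certificate only, so no private key material reaches the server config.
    public static string ToSecretValue(X509Certificate2 cert)
    {
        // NotAfter is reported in local time.
        if (cert.NotAfter <= DateTime.Now)
            throw new InvalidOperationException("Certificate has expired.");

        return Convert.ToBase64String(cert.Export(X509ContentType.Cert));
    }

    // certPath: assumed path to the client's public certificate (.cer/.crt).
    public static Client Build(string certPath)
    {
        using var cert = new X509Certificate2(certPath);

        return new Client
        {
            ClientId = "client.jwt",          // constructed sample value
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            AllowedScopes = { "api1" },       // constructed sample value

            ClientSecrets =
            {
                new Secret
                {
                    Type = IdentityServerConstants.SecretTypes.X509CertificateBase64,
                    Value = ToSecretValue(cert),
                    // Let the secret lapse together with the certificate.
                    Expiration = cert.NotAfter.ToUniversalTime()
                }
            }
        };
    }
}
```

The client keeps the matching private key and uses it to sign the JWT; only the public certificate is registered here.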